Symantec has expanded its portfolio by acquiring identity protection firm LifeLock with a $2.3 billion dip into its pockets. Since Symantec divested itself of Veritas at a loss to the Carlyle Group in 2015, it has been looking to move into new markets. It acquired Blue Coat in August for $4.65 billion, a move that was seen to enhance its enterprise offerings.
The reason for the LifeLock acquisition is to bolster its consumer arm, Norton. Although currently profitable, Norton has been struggling with growth due to declining consumer PC sales. Traditionally, Norton has been bundled with new consumer OEM (original equipment manufacture) PCs in the hope that after the “free” year, the owner will just pay the subscription to keep the protection; this model been doubly hit due to declining PC sales and the rise of free antivirus protection from the likes of Free AVG.
According to Fran Rosch, executive VP of Norton, Symantec has previously dabbled in identity security, but it has nowhere near the 4.4 million members that LifeLock currently has. This, according to Rosch, is its way back to growth.
This is surprising, as LifeLock has a rather checkered history. One of its founders, who left due to the controversy, spent a number of days in an Arizona prison for failing to repay a Las Vegas casino marker. In 2008, credit information company Experian sued LifeLock for fraud and false advertising; a year and a half later, LifeLock settled out of court, agreeing to stop setting fraud alerts. In 2010, it was charged by the FTC in thirty-five US states for deceptive advertising, alleging that the company’s identity theft prevention and data security claims were false. In fact, then–FTC Chairman Jon Leibowitz, whilst referring to the offending advert, stated that “the protection they provided left such a large hole…that you could drive that truck through it.” LifeLock again settled out of court, for $12 million.
In 2015, the FTC found LifeLock in contempt of the 2010 agreement, charging that it had “failed to establish and maintain a comprehensive information security program” and “falsely advertised that it protected consumers’ sensitive data.” For this, the FTC obtained a further $100 million settlement.
Yes, the company has won some industry awards for its products, but I have the distinct feeling that Symantec may not have carried out an in-depth due diligence process regarding this purchase. This company comes with significant adverse baggage. The Blue Coat acquisition made sense, both financially and strategically. This acquisition does not. LifeLock’s products appear to be of questionable value. I question whether 4.4 million members is good business for a $4.65 billion layout.